Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

AVG7 Kernel Error_ Insufficient system resources


  • Please log in to reply
3 replies to this topic

#1 MissHoney

MissHoney

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:10:26 PM

Posted 02 February 2009 - 11:39 PM

Haven't been able to update/access/run AVG for about a month now. Hasn't been much of a problem, except susceptibility to bad internet mojo! Not too savvy myself, but I got the Device Manager and there are a few yellow exclamation points under the Non-Plug and Play Drivers(AVG7 Kernel, AVG Resident Driver XP,Parport,Serial). Tried to restart the service, but all I got was Error!-(see below)-; Please Help! Thanks in advance!!!

Windows XP
Device Manager/Non-Plug and Play Drivers/AVG7 Kernel/ Driver Tab/ Current Status: Stopped
Error on Start: AVG Kernel "The system encountered the following error while attempting to start the service. Insufficient system resources exist to complete the requested service."

{Over 10G clean on the main drive and 1T external, so how can there be a lack in resource?}

:thumbsup:

Edited by MissHoney, 03 February 2009 - 12:59 AM.


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,394 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:26 PM

Posted 04 February 2009 - 12:06 PM

That kernel error can be due to software and updated system files that are not compatible with the older versions of AVG as indicated here. AVG is currently at version 8.

With Device Manager you can identify problems entries (colored coded symbols) as described here. Also see "Troubleshooting Device Manager Issues".
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 MissHoney

MissHoney
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:10:26 PM

Posted 11 February 2009 - 03:51 PM

ok. I managed to get AVG updated to 8, and it seems to be functioning well. :thumbsup:

ow, I'm not sure if I need to make a new post but...

I have also run SpyBot and gotten a LARGE number of "hits". Also ran a check on the System Internals and found a LOT of registry issues, but I do not know what to fix/delete. Should I just let S&D do it's thing? Here are the reports, maybe someone can tell if there are any other issues that need to be addressed.

SpyBot Report also Resident and System Internals


--- Search result list ---
MyWay.MyWebSearch: [SBI $666159FE] Data (File, fixed)
C:\Program Files\Mozilla Firefox\chrome\a2ffxtbr.jar
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

MyWay.MyWebSearch: [SBI $1B0E2C85] Data (File, fixed)
C:\Program Files\Mozilla Firefox\chrome\a2ffxtbr.manifest
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 TeaTimer.exe (1.6.4.26)
2006-01-18 unins000.exe (51.41.0.0)
2009-02-11 unins001.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2009-01-22 Includes\Adware.sbi (*)
2009-01-22 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-01-06 Includes\Dialer.sbi (*)
2009-01-22 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-02-10 Includes\Hijackers.sbi (*)
2009-02-10 Includes\HijackersC.sbi (*)
2008-12-09 Includes\Keyloggers.sbi (*)
2009-02-03 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-11-18 Includes\Malware.sbi (*)
2009-02-10 Includes\MalwareC.sbi (*)
2008-12-16 Includes\PUPS.sbi (*)
2009-02-10 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-02-10 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-01-28 Includes\Spyware.sbi (*)
2009-01-28 Includes\SpywareC.sbi (*)
2008-06-03 Includes\Tracks.uti
2009-02-03 Includes\Trojans.sbi (*)
2009-02-10 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1

(KB867460)
/ Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET

Framework 2.0. \n
If you later install a more recent service pack, this Security Update will be

uninstalled automatically. \n
For more information, visit http://support.microsoft.com/kb/917283
/ Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET

Framework 2.0. \n
If you later install a more recent service pack, this Security Update will be

uninstalled automatically. \n
For more information, visit http://support.microsoft.com/kb/922770
/ Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET

Framework 2.0. \n
If you later install a more recent service pack, this Security Update will be

uninstalled automatically. \n
For more information, visit http://support.microsoft.com/kb/928365
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to

another server using msxml4 sp2
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to

another server using msxml4 sp2
/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK

(KB929399)
/ Windows Media Player 10: Security Update for Windows Media Player 10

(KB911565)
/ Windows Media Player 10: Security Update for Windows Media Player 10

(KB917734)
/ Windows Media Player 11: Security Update for Windows Media Player 11

(KB936782)
/ Windows Media Player 11: Hotfix for Windows Media Player 11 (KB939683)
/ Windows Media Player 6.4: Security Update for Windows Media Player 6.4

(KB925398)
/ Windows XP: Security Update for Windows XP (KB923689)
/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB884575
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB887797
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893066)
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Hotfix for Windows XP (KB896344)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Update for Windows XP (KB900485)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Update for Windows XP (KB900930)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901190)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Update for Windows XP (KB904942)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB905915)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Security Update for Windows XP (KB908531)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Security Update for Windows XP (KB911280)
/ Windows XP / SP3: Security Update for Windows XP (KB911562)
/ Windows XP / SP3: Security Update for Windows XP (KB911567)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Security Update for Windows XP (KB912812)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)
/ Windows XP / SP3: Security Update for Windows XP (KB913446)
/ Windows XP / SP3: Security Update for Windows XP (KB913580)
/ Windows XP / SP3: Security Update for Windows XP (KB914388)
/ Windows XP / SP3: Security Update for Windows XP (KB914389)
/ Windows XP / SP3: Hotfix for Windows XP (KB914440)
/ Windows XP / SP3: Hotfix for Windows XP (KB915865)
/ Windows XP / SP3: Security Update for Windows XP (KB916281)
/ Windows XP / SP3: Update for Windows XP (KB916595)
/ Windows XP / SP3: Security Update for Windows XP (KB917159)
/ Windows XP / SP3: Security Update for Windows XP (KB917344)
/ Windows XP / SP3: Security Update for Windows XP (KB917422)
/ Windows XP / SP3: Security Update for Windows XP (KB917953)
/ Windows XP / SP3: Security Update for Windows XP (KB918118)
/ Windows XP / SP3: Security Update for Windows XP (KB918439)
/ Windows XP / SP3: Security Update for Windows XP (KB919007)
/ Windows XP / SP3: Security Update for Windows XP (KB920213)
/ Windows XP / SP3: Security Update for Windows XP (KB920214)
/ Windows XP / SP3: Security Update for Windows XP (KB920670)
/ Windows XP / SP3: Security Update for Windows XP (KB920683)
/ Windows XP / SP3: Security Update for Windows XP (KB920685)
/ Windows XP / SP3: Update for Windows XP (KB920872)
/ Windows XP / SP3: Security Update for Windows XP (KB921398)
/ Windows XP / SP3: Security Update for Windows XP (KB921503)
/ Windows XP / SP3: Security Update for Windows XP (KB921883)
/ Windows XP / SP3: Update for Windows XP (KB922582)
/ Windows XP / SP3: Security Update for Windows XP (KB922616)
/ Windows XP / SP3: Security Update for Windows XP (KB922819)
/ Windows XP / SP3: Security Update for Windows XP (KB923191)
/ Windows XP / SP3: Security Update for Windows XP (KB923414)
/ Windows XP / SP3: Security Update for Windows XP (KB923694)
/ Windows XP / SP3: Security Update for Windows XP (KB923980)
/ Windows XP / SP3: Security Update for Windows XP (KB924191)
/ Windows XP / SP3: Security Update for Windows XP (KB924270)
/ Windows XP / SP3: Security Update for Windows XP (KB924496)
/ Windows XP / SP3: Security Update for Windows XP (KB924667)
/ Windows XP / SP3: Security Update for Windows XP (KB925902)
/ Windows XP / SP3: Hotfix for Windows XP (KB926239)
/ Windows XP / SP3: Security Update for Windows XP (KB926255)
/ Windows XP / SP3: Security Update for Windows XP (KB926436)
/ Windows XP / SP3: Security Update for Windows XP (KB927779)
/ Windows XP / SP3: Security Update for Windows XP (KB927802)
/ Windows XP / SP3: Update for Windows XP (KB927891)
/ Windows XP / SP3: Security Update for Windows XP (KB928255)
/ Windows XP / SP3: Security Update for Windows XP (KB928843)
/ Windows XP / SP3: Security Update for Windows XP (KB929123)
/ Windows XP / SP3: Update for Windows XP (KB929338)
/ Windows XP / SP3: Security Update for Windows XP (KB930178)
/ Windows XP / SP3: Update for Windows XP (KB930916)
/ Windows XP / SP3: Security Update for Windows XP (KB931261)
/ Windows XP / SP3: Security Update for Windows XP (KB931784)
/ Windows XP / SP3: Update for Windows XP (KB931836)
/ Windows XP / SP3: Security Update for Windows XP (KB932168)
/ Windows XP / SP3: Update for Windows XP (KB933360)
/ Windows XP / SP3: Security Update for Windows XP (KB933729)
/ Windows XP / SP3: Security Update for Windows XP (KB935839)
/ Windows XP / SP3: Security Update for Windows XP (KB935840)
/ Windows XP / SP3: Security Update for Windows XP (KB936021)
/ Windows XP / SP3: Update for Windows XP (KB936357)
/ Windows XP / SP3: Update for Windows XP (KB938828)
/ Windows XP / SP3: Security Update for Windows XP (KB938829)
/ Windows XP / SP3: Security Update for Windows XP (KB941202)


--- Startup entries list ---
Located: HK_LM:Run, AGRSMMSG
command: AGRSMMSG.exe
file: C:\WINDOWS\AGRSMMSG.exe
size: 88363
MD5: E7BE65BF79906AEBC698E077D53F6A1C

Located: HK_LM:Run, AVG8_TRAY
command: C:\PROGRA~1\AVG\AVG8\avgtray.exe
file: C:\PROGRA~1\AVG\AVG8\avgtray.exe
size: 1601304
MD5: 1FC8B35E97123A9DF64F092DA8784E4C

Located: HK_LM:Run, Broadcom Wireless Manager UI
command: C:\WINDOWS\system32\WLTRAY.exe
file: C:\WINDOWS\system32\WLTRAY.exe
size: 1236992
MD5: F11C343318DA14137669AE14ADE27DF1

Located: HK_LM:Run, Cpqset
command: C:\Program Files\HPQ\Default Settings\cpqset.exe
file: C:\Program Files\HPQ\Default Settings\cpqset.exe
size: 213054
MD5: ABD44CD38087B0FC2C369B80197A4B9A

Located: HK_LM:Run, hpWirelessAssistant
command: C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
file: C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
size: 507904
MD5: 2DF07BC576F814D9122F338EAD4B4220

Located: HK_LM:Run, ISUSPM
command: "C:\Program Files\Common

Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
file: C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, Logitech Hardware Abstraction Layer
command: KHALMNPR.EXE
file: KHALMNPR.EXE
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, SoundMAXPnP
command: C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
file: C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
size: 1388544
MD5: C06F1A3FF958A10F828EEE828623E193

Located: HK_LM:Run, SynTPEnh
command: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
file: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 688218
MD5: A0AC3841DC595B5D86AB9E5016A0E36A

Located: HK_LM:Run, SynTPLpr
command: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
file: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
size: 98394
MD5: AB349998E551DE1C0DCC5AD63CE41D31

Located: HK_LM:RunOnce, SpybotDeletingA1479
command: command.com /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.manifest"
file: command.com /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.manifest"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:RunOnce, SpybotDeletingA1675
command: command.com /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.manifest"
file: command.com /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.manifest"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:RunOnce, SpybotDeletingA2675
command: command.com /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.jar"
file: command.com /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.jar"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:RunOnce, SpybotDeletingA4028
command: command.com /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.manifest"
file: command.com /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.manifest"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:RunOnce, SpybotDeletingA4246
command: command.com /c del "C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL"
file: command.com /c del "C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:RunOnce, SpybotDeletingA4256
command: command.com /c del "C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL"
file: command.com /c del "C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:RunOnce, SpybotDeletingA5265
command: command.com /c del "C:\Program

Files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST"
file: command.com /c del "C:\Program

Files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:RunOnce, SpybotDeletingA5332
command: command.com /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.jar"
file: command.com /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.jar"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:RunOnce, SpybotDeletingA5419
command: command.com /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.manifest"
file: command.com /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.manifest"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:RunOnce, SpybotDeletingA5959
command: command.com /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.jar"
file: command.com /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.jar"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:RunOnce, SpybotDeletingA646
command: command.com /c del "C:\Program Files\AskSBar\bar\1.bin\V2RSSMNU.DLL"
file: command.com /c del "C:\Program Files\AskSBar\bar\1.bin\V2RSSMNU.DLL"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:RunOnce, SpybotDeletingA695
command: command.com /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.jar"
file: command.com /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.jar"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:RunOnce, SpybotDeletingA7527
command: command.com /c del "C:\Program

Files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST"
file: command.com /c del "C:\Program

Files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:RunOnce, SpybotDeletingA8943
command: command.com /c del "C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.JAR"
file: command.com /c del "C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.JAR"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:RunOnce, SpybotDeletingA9061
command: command.com /c del "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL"
file: command.com /c del "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:RunOnce, SpybotDeletingA9278
command: command.com /c del "C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.JAR"
file: command.com /c del "C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.JAR"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:RunOnce, SpybotDeletingA9793
command: command.com /c del "C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE"
file: command.com /c del "C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:RunOnce, SpybotDeletingC146
command: cmd.exe /c del "C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE"
file: C:\WINDOWS\system32\cmd.exe
size: 388608
MD5: EEB024F2C81F0D55936FB825D21A91D6

Located: HK_LM:RunOnce, SpybotDeletingC2487
command: cmd.exe /c del "C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.JAR"
file: C:\WINDOWS\system32\cmd.exe
size: 388608
MD5: EEB024F2C81F0D55936FB825D21A91D6

Located: HK_LM:RunOnce, SpybotDeletingC2725
command: cmd.exe /c del "C:\Program Files\AskSBar\bar\1.bin\V2RSSMNU.DLL"
file: C:\WINDOWS\system32\cmd.exe
size: 388608
MD5: EEB024F2C81F0D55936FB825D21A91D6

Located: HK_LM:RunOnce, SpybotDeletingC3050
command: cmd.exe /c del "C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL"
file: C:\WINDOWS\system32\cmd.exe
size: 388608
MD5: EEB024F2C81F0D55936FB825D21A91D6

Located: HK_LM:RunOnce, SpybotDeletingC325
command: cmd.exe /c del "C:\Program

Files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST"
file: C:\WINDOWS\system32\cmd.exe
size: 388608
MD5: EEB024F2C81F0D55936FB825D21A91D6

Located: HK_LM:RunOnce, SpybotDeletingC3696
command: cmd.exe /c del "C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL"
file: C:\WINDOWS\system32\cmd.exe
size: 388608
MD5: EEB024F2C81F0D55936FB825D21A91D6

Located: HK_LM:RunOnce, SpybotDeletingC3783
command: cmd.exe /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.jar"
file: C:\WINDOWS\system32\cmd.exe
size: 388608
MD5: EEB024F2C81F0D55936FB825D21A91D6

Located: HK_LM:RunOnce, SpybotDeletingC4441
command: cmd.exe /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.manifest"
file: C:\WINDOWS\system32\cmd.exe
size: 388608
MD5: EEB024F2C81F0D55936FB825D21A91D6

Located: HK_LM:RunOnce, SpybotDeletingC5622
command: cmd.exe /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.manifest"
file: C:\WINDOWS\system32\cmd.exe
size: 388608
MD5: EEB024F2C81F0D55936FB825D21A91D6

Located: HK_LM:RunOnce, SpybotDeletingC6026
command: cmd.exe /c del "C:\Program

Files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST"
file: C:\WINDOWS\system32\cmd.exe
size: 388608
MD5: EEB024F2C81F0D55936FB825D21A91D6

Located: HK_LM:RunOnce, SpybotDeletingC7026
command: cmd.exe /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.jar"
file: C:\WINDOWS\system32\cmd.exe
size: 388608
MD5: EEB024F2C81F0D55936FB825D21A91D6

Located: HK_LM:RunOnce, SpybotDeletingC7096
command: cmd.exe /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.manifest"
file: C:\WINDOWS\system32\cmd.exe
size: 388608
MD5: EEB024F2C81F0D55936FB825D21A91D6

Located: HK_LM:RunOnce, SpybotDeletingC7572
command: cmd.exe /c del "C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.JAR"
file: C:\WINDOWS\system32\cmd.exe
size: 388608
MD5: EEB024F2C81F0D55936FB825D21A91D6

Located: HK_LM:RunOnce, SpybotDeletingC7975
command: cmd.exe /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.manifest"
file: C:\WINDOWS\system32\cmd.exe
size: 388608
MD5: EEB024F2C81F0D55936FB825D21A91D6

Located: HK_LM:RunOnce, SpybotDeletingC8131
command: cmd.exe /c del "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL"
file: C:\WINDOWS\system32\cmd.exe
size: 388608
MD5: EEB024F2C81F0D55936FB825D21A91D6

Located: HK_LM:RunOnce, SpybotDeletingC820
command: cmd.exe /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.jar"
file: C:\WINDOWS\system32\cmd.exe
size: 388608
MD5: EEB024F2C81F0D55936FB825D21A91D6

Located: HK_LM:RunOnce, SpybotDeletingC9604
command: cmd.exe /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.jar"
file: C:\WINDOWS\system32\cmd.exe
size: 388608
MD5: EEB024F2C81F0D55936FB825D21A91D6

Located: HK_LM:Run, Acrobat Assistant 8.0 (DISABLED)
command: "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
file: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
size: 623992
MD5: 5369A26E89C68E9420AE9B9CC6305834

Located: HK_LM:Run, Adobe Photo Downloader (DISABLED)
command: "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2

\Apps\apdproxy.exe"
file: C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2

\Apps\apdproxy.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, Adobe Reader Speed Launcher (DISABLED)
command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
size: 39792
MD5: 8B9145D229D4E89D15ACB820D4A3A90F

Located: HK_LM:Run, Adobe Version Cue CS2 (DISABLED)
command: "C:\Program Files\Adobe\Adobe Version Cue CS2

\ControlPanel\VersionCueCS2Tray.exe"
file: C:\Program Files\Adobe\Adobe Version Cue CS2

\ControlPanel\VersionCueCS2Tray.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, Adobe_ID0EYTHM (DISABLED)
command: C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
file: C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
size: 1884160
MD5: C1873D880786B6B03AF781E23835D925

Located: HK_LM:Run, CanonMyPrinter (DISABLED)
command: C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
file: C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
size: 1603152
MD5: 2F0F0E6AA6F5874E13E792996077138B

Located: HK_LM:Run, CHotkey (DISABLED)
command: mHotkey.exe
file: C:\WINDOWS\mHotkey.exe
size: 550912
MD5: F97AE5C79A9B268CAB8BB6DB1A4942A9

Located: HK_LM:Run, Device Detector (DISABLED)
command: DevDetect.exe -autorun
file: DevDetect.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, DiskeeperSystray (DISABLED)
command: "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
file: C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
size: 221184
MD5: B4C79D535C0BEF9C47D698FBDFB603C9

Located: HK_LM:Run, eFax 4.1 (DISABLED)
command: "C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe" /R
file: C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, eFax 4.2 (DISABLED)
command: "C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" /R
file: C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, EzPrint (DISABLED)
command: "C:\Program Files\Lexmark Z2300 Series\ezprint.exe"
file: C:\Program Files\Lexmark Z2300 Series\ezprint.exe
size: 107176
MD5: 856BAAB0D6DE7C54A9B3B2319243B5ED

Located: HK_LM:Run, IgfxTray (DISABLED)
command: C:\WINDOWS\system32\igfxtray.exe
file: C:\WINDOWS\system32\igfxtray.exe
size: 155648
MD5: FC7D40EC3C05E85AB0F41C247BEF3471

Located: HK_LM:Run, iTunesHelper (DISABLED)
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 267048
MD5: 04A9F0C58B170F30445BCC0683EF9FFC

Located: HK_LM:Run, KernelFaultCheck (DISABLED)
command: %systemroot%\system32\dumprep 0 -k
file: C:\WINDOWS\system32\dumprep 0 -k
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, lxdpmon.exe (DISABLED)
command: "C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe"
file: C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe
size: 656040
MD5: 25B5EFA2AFDB35091D09F54247527CFF

Located: HK_LM:Run, MediaFace Integration (DISABLED)
command: C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe
file: C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe
size: 53248
MD5: D8D558089F04B9D3CE35D9834492A2CF

Located: HK_LM:Run, QuickTime Task (DISABLED)
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 413696
MD5: 6DF76965A0FB8237E9C3B3CAB9815EC2

Located: HK_LM:Run, SoundMAX (DISABLED)
command: C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
file: C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
size: 860160
MD5: A00684FD9E951546E70A1B74BD62703E

Located: HK_LM:Run, SunJavaUpdateSched (DISABLED)
command: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
file: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
size: 36975
MD5: 61A3A9D5D98BF0331DF5B716144A8100

Located: HK_LM:Run, TkBellExe (DISABLED)
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -

osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 185896
MD5: 89D583FC41D48328128A974C25AFAEB7

Located: HK_LM:Run, WatchDog (DISABLED)
command: C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
file: C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
size: 184320
MD5: 8EA3BE7165E2264B6B7B5B3B612440A7

Located: HK_CU:Run, iLike
where: .DEFAULT...
command: C:\Program Files\iLike\1.2.11\ilikesidebar.exe /checkforupdate
file: C:\Program Files\iLike\1.2.11\ilikesidebar.exe
size: 63024
MD5: 8EC8F17CD3F52EB7793818654703E0D5

Located: HK_CU:Run, MySpaceIM
where: .DEFAULT...
command: C:\Program Files\MySpace\IM\MySpaceIM.exe
file: C:\Program Files\MySpace\IM\MySpaceIM.exe
size: 9555968
MD5: F7335700A80C7D296D040B963EBC9A90

Located: HK_CU:Run, MySpaceIM
where: PE_C_ALL USERS...
command: C:\Program Files\MySpace\IM\MySpaceIM.exe
file: C:\Program Files\MySpace\IM\MySpaceIM.exe
size: 9555968
MD5: F7335700A80C7D296D040B963EBC9A90

Located: HK_CU:RunOnce, NeroHomeFirstStart
where: PE_C_ALL USERS...
command: C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe
file: C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe
size: 10752
MD5: 846ACCD11B75F144D48CD7BBBE9766E1

Located: HK_CU:Run, LTM2
where: S-1-5-21-1229272821-507921405-839522115-1004...
command: C:\WINDOWS\litmus\MSGSRV32.exe
file: C:\WINDOWS\litmus\MSGSRV32.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-1229272821-507921405-839522115-1004...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2144088
MD5: 896A1DB9A972AD2339C2E8569EC926D1

Located: HK_CU:RunOnce, SpybotDeletingB108
where: S-1-5-21-1229272821-507921405-839522115-1004...
command: command.com /c del "C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL"
file: command.com /c del "C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, SpybotDeletingB1579
where: S-1-5-21-1229272821-507921405-839522115-1004...
command: command.com /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.jar"
file: command.com /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.jar"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, SpybotDeletingB210
where: S-1-5-21-1229272821-507921405-839522115-1004...
command: command.com /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.manifest"
file: command.com /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.manifest"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, SpybotDeletingB3545
where: S-1-5-21-1229272821-507921405-839522115-1004...
command: command.com /c del "C:\Program

Files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST"
file: command.com /c del "C:\Program

Files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, SpybotDeletingB3652
where: S-1-5-21-1229272821-507921405-839522115-1004...
command: command.com /c del "C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.JAR"
file: command.com /c del "C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.JAR"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, SpybotDeletingB4199
where: S-1-5-21-1229272821-507921405-839522115-1004...
command: command.com /c del "C:\Program Files\AskSBar\bar\1.bin\V2RSSMNU.DLL"
file: command.com /c del "C:\Program Files\AskSBar\bar\1.bin\V2RSSMNU.DLL"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, SpybotDeletingB4504
where: S-1-5-21-1229272821-507921405-839522115-1004...
command: command.com /c del "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL"
file: command.com /c del "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, SpybotDeletingB496
where: S-1-5-21-1229272821-507921405-839522115-1004...
command: command.com /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.manifest"
file: command.com /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.manifest"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, SpybotDeletingB5579
where: S-1-5-21-1229272821-507921405-839522115-1004...
command: command.com /c del "C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE"
file: command.com /c del "C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, SpybotDeletingB6110
where: S-1-5-21-1229272821-507921405-839522115-1004...
command: command.com /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.jar"
file: command.com /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.jar"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, SpybotDeletingB6753
where: S-1-5-21-1229272821-507921405-839522115-1004...
command: command.com /c del "C:\Program

Files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST"
file: command.com /c del "C:\Program

Files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, SpybotDeletingB8333
where: S-1-5-21-1229272821-507921405-839522115-1004...
command: command.com /c del "C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL"
file: command.com /c del "C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, SpybotDeletingB8505
where: S-1-5-21-1229272821-507921405-839522115-1004...
command: command.com /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.jar"
file: command.com /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.jar"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, SpybotDeletingB8612
where: S-1-5-21-1229272821-507921405-839522115-1004...
command: command.com /c del "C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.JAR"
file: command.com /c del "C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.JAR"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, SpybotDeletingB894
where: S-1-5-21-1229272821-507921405-839522115-1004...
command: command.com /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.manifest"
file: command.com /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.manifest"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, SpybotDeletingB9106
where: S-1-5-21-1229272821-507921405-839522115-1004...
command: command.com /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.jar"
file: command.com /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.jar"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, SpybotDeletingB9755
where: S-1-5-21-1229272821-507921405-839522115-1004...
command: command.com /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.manifest"
file: command.com /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.manifest"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, SpybotDeletingD1248
where: S-1-5-21-1229272821-507921405-839522115-1004...
command: cmd.exe /c del "C:\Program

Files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST"
file: C:\WINDOWS\system32\cmd.exe
size: 388608
MD5: EEB024F2C81F0D55936FB825D21A91D6

Located: HK_CU:RunOnce, SpybotDeletingD1657
where: S-1-5-21-1229272821-507921405-839522115-1004...
command: cmd.exe /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.jar"
file: C:\WINDOWS\system32\cmd.exe
size: 388608
MD5: EEB024F2C81F0D55936FB825D21A91D6

Located: HK_CU:RunOnce, SpybotDeletingD2070
where: S-1-5-21-1229272821-507921405-839522115-1004...
command: cmd.exe /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.jar"
file: C:\WINDOWS\system32\cmd.exe
size: 388608
MD5: EEB024F2C81F0D55936FB825D21A91D6

Located: HK_CU:RunOnce, SpybotDeletingD3104
where: S-1-5-21-1229272821-507921405-839522115-1004...
command: cmd.exe /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.manifest"
file: C:\WINDOWS\system32\cmd.exe
size: 388608
MD5: EEB024F2C81F0D55936FB825D21A91D6

Located: HK_CU:RunOnce, SpybotDeletingD3165
where: S-1-5-21-1229272821-507921405-839522115-1004...
command: cmd.exe /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.manifest"
file: C:\WINDOWS\system32\cmd.exe
size: 388608
MD5: EEB024F2C81F0D55936FB825D21A91D6

Located: HK_CU:RunOnce, SpybotDeletingD3212
where: S-1-5-21-1229272821-507921405-839522115-1004...
command: cmd.exe /c del "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL"
file: C:\WINDOWS\system32\cmd.exe
size: 388608
MD5: EEB024F2C81F0D55936FB825D21A91D6

Located: HK_CU:RunOnce, SpybotDeletingD3253
where: S-1-5-21-1229272821-507921405-839522115-1004...
command: cmd.exe /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.manifest"
file: C:\WINDOWS\system32\cmd.exe
size: 388608
MD5: EEB024F2C81F0D55936FB825D21A91D6

Located: HK_CU:RunOnce, SpybotDeletingD4842
where: S-1-5-21-1229272821-507921405-839522115-1004...
command: cmd.exe /c del "C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL"
file: C:\WINDOWS\system32\cmd.exe
size: 388608
MD5: EEB024F2C81F0D55936FB825D21A91D6

Located: HK_CU:RunOnce, SpybotDeletingD591
where: S-1-5-21-1229272821-507921405-839522115-1004...
command: cmd.exe /c del "C:\Program Files\AskSBar\bar\1.bin\V2RSSMNU.DLL"
file: C:\WINDOWS\system32\cmd.exe
size: 388608
MD5: EEB024F2C81F0D55936FB825D21A91D6

Located: HK_CU:RunOnce, SpybotDeletingD5929
where: S-1-5-21-1229272821-507921405-839522115-1004...
command: cmd.exe /c del "C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.JAR"
file: C:\WINDOWS\system32\cmd.exe
size: 388608
MD5: EEB024F2C81F0D55936FB825D21A91D6

Located: HK_CU:RunOnce, SpybotDeletingD6060
where: S-1-5-21-1229272821-507921405-839522115-1004...
command: cmd.exe /c del "C:\Program

Files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST"
file: C:\WINDOWS\system32\cmd.exe
size: 388608
MD5: EEB024F2C81F0D55936FB825D21A91D6

Located: HK_CU:RunOnce, SpybotDeletingD6433
where: S-1-5-21-1229272821-507921405-839522115-1004...
command: cmd.exe /c del "C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL"
file: C:\WINDOWS\system32\cmd.exe
size: 388608
MD5: EEB024F2C81F0D55936FB825D21A91D6

Located: HK_CU:RunOnce, SpybotDeletingD663
where: S-1-5-21-1229272821-507921405-839522115-1004...
command: cmd.exe /c del "C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.JAR"
file: C:\WINDOWS\system32\cmd.exe
size: 388608
MD5: EEB024F2C81F0D55936FB825D21A91D6

Located: HK_CU:RunOnce, SpybotDeletingD6745
where: S-1-5-21-1229272821-507921405-839522115-1004...
command: cmd.exe /c del "C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE"
file: C:\WINDOWS\system32\cmd.exe
size: 388608
MD5: EEB024F2C81F0D55936FB825D21A91D6

Located: HK_CU:RunOnce, SpybotDeletingD729
where: S-1-5-21-1229272821-507921405-839522115-1004...
command: cmd.exe /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.jar"
file: C:\WINDOWS\system32\cmd.exe
size: 388608
MD5: EEB024F2C81F0D55936FB825D21A91D6

Located: HK_CU:RunOnce, SpybotDeletingD9321
where: S-1-5-21-1229272821-507921405-839522115-1004...
command: cmd.exe /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.manifest"
file: C:\WINDOWS\system32\cmd.exe
size: 388608
MD5: EEB024F2C81F0D55936FB825D21A91D6

Located: HK_CU:RunOnce, SpybotDeletingD9912
where: S-1-5-21-1229272821-507921405-839522115-1004...
command: cmd.exe /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.jar"
file: C:\WINDOWS\system32\cmd.exe
size: 388608
MD5: EEB024F2C81F0D55936FB825D21A91D6

Located: HK_CU:Run, DAEMON Tools Lite (DISABLED)
where: S-1-5-21-1229272821-507921405-839522115-1004...
command: "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
file: C:\Program Files\DAEMON Tools Lite\daemon.exe
size: 486856
MD5: B3507538A9BA346A898150032869A523

Located: HK_CU:Run, msnmsgr (DISABLED)
where: S-1-5-21-1229272821-507921405-839522115-1004...
command: "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
file: C:\Program Files\MSN Messenger\msnmsgr.exe
size: 5674352
MD5: C4281AD865739E71FD1E4DAC19A68D60

Located: HK_CU:Run, MySpaceIM (DISABLED)
where: S-1-5-21-1229272821-507921405-839522115-1004...
command: C:\Program Files\MySpace\IM\MySpaceIM.exe
file: C:\Program Files\MySpace\IM\MySpaceIM.exe
size: 9555968
MD5: F7335700A80C7D296D040B963EBC9A90

Located: HK_CU:Run, swg (DISABLED)
where: S-1-5-21-1229272821-507921405-839522115-1004...
command: C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462

\GoogleToolbarNotifier.exe
file: C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462

\GoogleToolbarNotifier.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, WMPNSCFG (DISABLED)
where: S-1-5-21-1229272821-507921405-839522115-1004...
command: C:\Program Files\Windows Media Player\WMPNSCFG.exe
file: C:\Program Files\Windows Media Player\WMPNSCFG.exe
size: 204288
MD5: 7EAED08CCCA4DDDE61A388C82598CFA9

Located: HK_CU:Run, Yahoo! Pager (DISABLED)
where: S-1-5-21-1229272821-507921405-839522115-1004...
command: "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
file: C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
size: 4662776
MD5: 3A756D4066CC3BB8426EB08ABB6B5B10

Located: HK_CU:Run, iLike
where: S-1-5-18...
command: C:\Program Files\iLike\1.2.11\ilikesidebar.exe /checkforupdate
file: C:\Program Files\iLike\1.2.11\ilikesidebar.exe
size: 63024
MD5: 8EC8F17CD3F52EB7793818654703E0D5

Located: HK_CU:Run, MySpaceIM
where: S-1-5-18...
command: C:\Program Files\MySpace\IM\MySpaceIM.exe
file: C:\Program Files\MySpace\IM\MySpaceIM.exe
size: 9555968
MD5: F7335700A80C7D296D040B963EBC9A90

Located: Startup (common), Adobe Acrobat Speed Launcher.lnk (DISABLED)
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}

\SC_Acrobat.exe
file: C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}

\SC_Acrobat.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Startup (common), Adobe Gamma Loader.lnk (DISABLED)
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma

Loader.exe
file: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma

Loader.exe
size: 113664
MD5: C2FF17734176CD15221C10044EF0BA1A

Located: Startup (common), ColorVisionStartup.lnk (DISABLED)
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe
file: C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe
size: 385024
MD5: 1ED3FB8AAFEB4E32BC26EA6D07FE1334

Located: Startup (common), eFax 4.2.lnk (DISABLED)
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\eFax Messenger 4.2\J2GTray.exe
file: C:\Program Files\eFax Messenger 4.2\J2GTray.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Startup (common), Logitech SetPoint.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Logitech\SetPoint\SetPoint.exe
file: C:\Program Files\Logitech\SetPoint\SetPoint.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Startup (common), Monitor.lnk (DISABLED)
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
file: C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
size: 114688
MD5: 6AE6E990D8295BB24D361320059F80BD

Located: Startup (common), QuickBooks Update Agent.lnk (DISABLED)
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Common

Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
file: C:\Program Files\Common

Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, avgrsstarter
command: avgrsstx.dll
file: avgrsstx.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, igfxcui
command: igfxsrvc.dll
file: igfxsrvc.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn (DISABLED)
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, WgaLogon (DISABLED)
command: WgaLogon.dll
file: WgaLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
location:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser

Helper Objects\
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 10/22/2006 10:08:42 PM
Date (last access): 2/11/2009 2:11:34 PM
Date (last write): 10/22/2006 10:08:42 PM
Filesize: 62080
Attributes: archive
MD5: C11F6A1F61481E24BE3FDC06EA6F7D2A
CRC32: E388508F
Version: 8.0.0.456

{074C1DC5-9320-4A9A-947D-C042949C6216} (ContributeBHO Class)
location:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser

Helper Objects\
BHO name:
CLSID name: ContributeBHO Class
Path: C:\Program Files\Adobe\
Long name: contributeieplugin.dll
Short name: CONTRI~1.DLL
Date (created): 3/16/2007 2:13:06 PM
Date (last access): 2/11/2009 2:11:34 PM
Date (last write): 3/16/2007 2:13:06 PM
Filesize: 118784
Attributes: archive
MD5: E23691A98928CE49586753982B8402A2
CRC32: 2CAFCB5A
Version: 1.0.0.0

{3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin

for Internet Explorer)
location:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser

Helper Objects\
BHO name:
CLSID name: RealPlayer Download and Record Plugin for Internet

Explorer
Path: C:\Program Files\Real\RealPlayer\
Long name: rpbrowserrecordplugin.dll
Short name: RPBROW~1.DLL
Date (created): 5/10/2008 10:40:12 PM
Date (last access): 2/11/2009 2:13:50 PM
Date (last write): 5/10/2008 10:40:12 PM
Filesize: 308856
Attributes: archive
MD5: 33440A3EF90AF7ED74EE55CA634A9CFA
CRC32: B00E58A9
Version: 1.0.1.57

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (WormRadar.com

IESiteBlocker.NavFilter)
location:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser

Helper Objects\
BHO name: WormRadar.com IESiteBlocker.NavFilter
CLSID name: AVG Safe Search
Path: C:\Program Files\AVG\AVG8\
Long name: avgssie.dll
Short name:
Date (created): 2/10/2009 10:58:56 PM
Date (last access): 2/11/2009 11:42:00 AM
Date (last write): 2/10/2009 10:58:56 PM
Filesize: 1078552
Attributes: archive
MD5: 2225E1B951EC0E3209D11C167F96D834
CRC32: 5A9069E9
Version: 8.0.0.223

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser

Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 1/18/2006 11:21:28 PM
Date (last access): 2/11/2009 3:13:48 PM
Date (last write): 1/26/2009 3:31:02 PM
Filesize: 1879896
Attributes: archive
MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
CRC32: 5BA24007
Version: 1.6.2.14

{5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
location:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser

Helper Objects\
BHO name:
CLSID name: DriveLetterAccess
description: Hewlett-Packard's DLA software
classification: Unknown
known filename: tfswshx.dll
info link:
info source: TonyKlein
Path: C:\WINDOWS\system32\dla\
Long name: tfswshx.dll
Short name:
Date (created): 12/19/2005 2:32:44 PM
Date (last access): 2/11/2009 2:11:34 PM
Date (last write): 8/3/2004 1:05:00 AM
Filesize: 118842
Attributes: archive
MD5: 4F9F33FE6C6462002F981DF5BB67E0A5
CRC32: 01A23B03
Version: 1.4.8.0

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
location:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser

Helper Objects\
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: ssv.dll
Short name:
Date (created): 11/10/2005 12:03:56 PM
Date (last access): 2/11/2009 2:11:34 PM
Date (last write): 11/10/2005 12:22:10 PM
Filesize: 184423
Attributes: archive
MD5: F01726F7CA8538FDD4663C9DB8FEAEDC
CRC32: 0111B892
Version: 5.0.60.5

{7E853D72-626A-48EC-A868-BA8D5E23E045} ()
location:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser

Helper Objects\
BHO name:
CLSID name:

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
location:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser

Helper Objects\
BHO name:
CLSID name: Windows Live Sign-in Helper
Path: C:\Program Files\Common Files\Microsoft Shared\Windows

Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 4/17/2006 12:32:58 PM
Date (last access): 2/11/2009 1:05:50 PM
Date (last write): 4/17/2006 12:32:58 PM
Filesize: 323904
Attributes: archive
MD5: 4D834364B09155778A3330A67EBD4621
CRC32: D2CB2586
Version: 4.0.248.1

{AE7CD045-E861-484f-8273-0445EE161910} (Adobe PDF Conversion Toolbar Helper)
location:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser

Helper Objects\
BHO name:
CLSID name: Adobe PDF Conversion Toolbar Helper
description: Adobe Acrobat
classification: Legitimate
known filename: AcroIEFavClient.dll
info link: http://www.adobe.com/products/acrobatpro/main.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\
Long name: AcroIEFavClient.dll
Short name: ACROIE~1.DLL
Date (created): 10/22/2007 11:00:44 PM
Date (last access): 2/11/2009 1:05:50 PM
Date (last write): 5/10/2007 9:47:04 PM
Filesize: 321120
Attributes: archive
MD5: FF29E3FB75E7726EE002B65A9F2D4A6E
CRC32: 1831F50E
Version: 8.1.0.0



--- ActiveX list ---
{0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility)
DPF name:
CLSID name: PCPitstop Utility
Installer: C:\WINDOWS\Downloaded Program Files\PCPitstop.inf
Codebase: http://www.pcpitstop.com/betapit/PCPitStop.CAB
description: Gateway tools
classification: Legitimate
known filename: PCPITSTOP.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\Downloaded Program Files\
Long name: PCPitstop.dll
Short name: PCPITS~1.DLL
Date (created): 11/30/2005 10:37:52 AM
Date (last access): 2/11/2009 1:25:06 AM
Date (last write): 10/22/2008 1:02:46 PM
Filesize: 457432
Attributes: archive
MD5: B760C2D3C56BD62028F0E5521A90F613
CRC32: 9D82DE18
Version: 1.0.0.196

{14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class)
DPF name:
CLSID name: MessengerStatsClient Class
Installer:
Codebase:

http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
description:
classification: Legitimate
known filename: MessengerStatsPAClient.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MessengerStatsPAClient.dll
Short name: MESSEN~1.DLL
Date (created): 4/6/2004 7:03:54 PM
Date (last access): 2/11/2009 1:25:06 AM
Date (last write): 4/6/2004 7:03:54 PM
Filesize: 172072
Attributes: archive
MD5: 94D1773AEAA2197AFEE3A6F8404FE4E9
CRC32: 76C3823D
Version: 9.2.7513.1

{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation

Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Installer: C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf
Codebase: http://go.microsoft.com/fwlink/?linkid=39204
description:
classification: Legitimate
known filename: LegitCheckControl.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: LegitCheckControl.dll
Short name: LEGITC~1.DLL
Date (created): 7/12/2005 6:04:22 PM
Date (last access): 2/11/2009 2:11:18 PM
Date (last write): 9/20/2006 4:35:52 PM
Filesize: 571696
Attributes: archive
MD5: 9E71AE8A980FDA626562D05176EB955D
CRC32: 48A1E83A
Version: 1.5.554.0

{200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class)
DPF name:
CLSID name: VerifyGMN Class
Installer: C:\WINDOWS\Downloaded Program

Files\hpobjinstaller_gmn.inf
Codebase:

http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
description:
classification: Legitimate
known filename: hpobjinstaller_gmn.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: hpobjinstaller_gmn.dll
Short name: HPOBJI~1.DLL
Date (created): 10/20/2005 4:02:58 PM
Date (last access): 2/11/2009 1:25:06 AM
Date (last write): 10/20/2005 4:02:58 PM
Filesize: 671336
Attributes: archive
MD5: 39278FE196B870C7840695E894759E38
CRC32: B201468E
Version: 1.0.0.11

{25365FF3-2746-4230-9DA7-163CCA318309} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\gtdownlr_118.inf
Codebase: http://inst.c-wss.com/135p/html/gtdownlr.cab
description:
classification: Open for discussion
known filename: gtdownlr_82.ocx
info link:
info source: Safer Networking Ltd.

{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class)
DPF name:
CLSID name: YInstStarter Class
Installer: C:\Program Files\Yahoo!\Common\yinst.inf
Codebase: C:\Program Files\Yahoo!\Common\yinsthelper.dll
description: Yahoo! Installation helper
classification: Legitimate
known filename: %SystemRoot%\Downloaded Program Files\yinsthelper.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Yahoo!\Common\
Long name: yinsthelper.dll
Short name: YINSTH~1.DLL
Date (created): 1/27/2007 2:54:42 AM
Date (last access): 9/18/2008 3:52:50 AM
Date (last write): 7/30/2006 1:25:34 PM
Filesize: 188968
Attributes: archive
MD5: 18B54B53CEE0E7204495BAB864EBBF03
CRC32: 6D72BB93
Version: 2006.4.14.2

{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine)
DPF name:
CLSID name: Office Update Installation Engine
Installer: C:\WINDOWS\Downloaded Program Files\opuc.inf
Codebase:

http://office.microsoft.com/officeupdate/content/opuc3.cab
description:
classification: Legitimate
known filename: opuc.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\
Long name: opuc.dll
Short name:
Date (created): 11/17/2005 11:12:26 PM
Date (last access): 2/11/2009 2:10:26 PM
Date (last write): 11/17/2005 11:12:26 PM
Filesize: 533504
Attributes: archive
MD5: 24F3058766D5FC3FD0F37F6D6EE6FE9B
CRC32: F1FAEDE3
Version: 12.0.3208.1014

{48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control)
DPF name:
CLSID name: MySpace Uploader Control
Installer: C:\WINDOWS\Downloaded Program Files\MySpaceUploader.inf
Codebase: http://lads.myspace.com/upload/MySpaceUploader1006.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MySpaceUploader.ocx
Short name: MYSPAC~1.OCX
Date (created): 2/1/2008 2:17:04 AM
Date (last access): 9/18/2008 3:56:48 AM
Date (last write): 2/1/2008 2:17:04 AM
Filesize: 2637440
Attributes: archive
MD5: 2245B3CAE09AF148D983F88F62153628
CRC32: A47295FA
Version: 1.0.0.6

{4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool)
DPF name:
CLSID name: MSN Photo Upload Tool
Installer: C:\WINDOWS\Downloaded Program Files\CONFLICT.1

\MsnPUpld.inf
Codebase: http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
description:
classification: Legitimate
known filename: MsnPUpld.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\CONFLICT.1\
Long name: MsnPUpld.dll
Short name:
Date (created): 6/20/2006 2:44:04 PM
Date (last access): 1/29/2009 8:40:46 PM
Date (last write): 6/20/2006 2:44:04 PM
Filesize: 379704
Attributes: archive
MD5: D2FB109C3F0DAAAA4A73E5921656DB3E
CRC32: A13093E8
Version: 10.0.913.0

{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control)
DPF name:
CLSID name: BDSCANONLINE Control
Installer: C:\WINDOWS\Downloaded Program Files\oscan8.inf
Codebase:

http://download.bitdefender.com/resources/scan8/oscan8.cab
description:
classification: Legitimate
known filename: oscan8.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\DOWNLO~1\
Long name: oscan82.ocx
Short name:
Date (created): 2/26/2008 2:59:18 PM
Date (last access): 9/18/2008 3:56:48 AM
Date (last write): 2/26/2008 2:59:18 PM
Filesize: 487424
Attributes: archive
MD5: 230A39D8950142CF2C94A5C1E567E95E
CRC32: A546A5BB
Version: 1.0.0.1

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
DPF name:
CLSID name: MUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\muweb.inf
Codebase:

http://update.microsoft.com/microsoftupdat...86/client/muweb

_site.cab?1151498501609
description:
classification: Legitimate
known filename: muweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: muweb.dll
Short name:
Date (created): 5/26/2005 3:19:32 AM
Date (last access): 2/11/2009 2:11:18 PM
Date (last write): 7/30/2007 6:19:04 PM
Filesize: 207736
Attributes: archive
MD5: 2DEE560CCEF55353EB62FDA870446393
CRC32: 5AA71F7B
Version: 7.0.6000.381

{7A7BA269-2D21-4B33-B60A-8510A1865D5F} (IWS Photo Upload Tool)
DPF name:
CLSID name: IWS Photo Upload Tool
Installer: C:\WINDOWS\Downloaded Program Files\MsnPUpld.inf
Codebase:

http://public2.uploader.officelive.com/_la...eX/MsnPUpld.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MsnPUpld.dll
Short name:
Date (created): 12/2/2005 12:14:36 AM
Date (last access): 2/11/2009 2:09:54 PM
Date (last write): 12/2/2005 12:14:36 AM
Filesize: 318176
Attributes: archive
MD5: E6C2A6EC2B730DFAF83FFCFA3D4F1D5B
CRC32: 7DA82E0A
Version: 10.0.911.0

{7D0488AF-B465-11D5-8AF8-00B0D025F75C} (gercheck Class)
DPF name:
CLSID name: gercheck Class
Installer: C:\WINDOWS\Downloaded Program Files\ascutil.inf
Codebase: http://config.academic.com/peeker/install/ascutil.cab
Path: C:\WINDOWS\system32\
Long name: ascutil.dll
Short name:
Date (created): 12/1/2003 12:26:30 PM
Date (last access): 2/11/2009 2:09:58 PM
Date (last write): 12/1/2003 12:26:30 PM
Filesize: 88576
Attributes: archive
MD5: 318F94A66AACCE31EF226356874CBF32
CRC32: 1A1301E6
Version: 1.0.0.2

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-

windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 11/10/2005 12:03:56 PM
Date (last access): 2/1/2009 10:47:36 PM
Date (last write): 11/10/2005 12:22:10 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5

{8CE3BAE6-AB66-40B6-9019-41E5282FF1E2} (QuickBooks Online Edition Utilities

Class v8)
DPF name:
CLSID name: QuickBooks Online Edition Utilities Class v8
Installer:
Codebase: https://accounting.quickbooks.com/c1/v15.255/qboax8.cab
description:
classification: Open for discussion
known filename: qboax8.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: qboax8.dll
Short name:
Date (created): 6/6/2005 3:44:38 PM
Date (last access): 2/11/2009 1:25:08 AM
Date (last write): 6/6/2005 3:44:38 PM
Filesize: 225280
Attributes: archive
MD5: 9C5FEFE81DEBDC953289353DB105C4D7
CRC32: 2A52B62C
Version: 1.0.0.13

{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class)
DPF name:
CLSID name: MessengerStatsClient Class
Installer:
Codebase:

http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
description:
classification: Legitimate
known filename: messengerstatsclient.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: messengerstatsclient.dll
Short name: MESSEN~2.DLL
Date (created): 5/29/2003 3:00:20 PM
Date (last access): 2/11/2009 1:25:06 AM
Date (last write): 5/29/2003 3:00:20 PM
Filesize: 160864
Attributes: archive
MD5: B069B555A00AA026F657AA4FD13AE154
CRC32: 89BB01E1
Version: 7.1.9502.1

{AC3B2861-5ACB-11D4-ABED-204C4F4F5020} (instchk Class)
DPF name:
CLSID name: instchk Class
Installer: C:\WINDOWS\Downloaded Program Files\asccom2.inf
Codebase: http://config.academic.com/peeker/install/asccom2.cab
Path: C:\WINDOWS\system32\
Long name: asccom2.dll
Short name:
Date (created): 6/9/2001 10:27:38 PM
Date (last access): 2/11/2009 2:10:32 PM
Date (last write): 6/9/2001 10:27:38 PM
Filesize: 119296
Attributes: archive
MD5: FFE7361BE7A35BD661C52A3A15C16986
CRC32: 330F6EF9
Version: 1.0.0.12

{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl

Class)
DPF name:
CLSID name: MsnMessengerSetupDownloadControl Class
Installer: C:\WINDOWS\Downloaded Program

Files\MsnMessengerSetupDownloader.inf
Codebase:

http://messenger.msn.com/download/MsnMesse...pDownloader.cab
description:
classification: Legitimate
known filename: MsnMessengerSetupDownloader.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MsnMessengerSetupDownloader.ocx
Short name: MSNMES~1.OCX
Date (created): 8/14/2005 12:26:04 AM
Date (last access): 9/18/2008 3:56:48 AM
Date (last write): 8/14/2005 12:26:04 AM
Filesize: 113664
Attributes: archive
MD5: C403792A3FF639C215067D5AA680C482
CRC32: 7CD0769A
Version: 1.0.0.3

{B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class)
DPF name:
CLSID name: ZoneIntro Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
description:
classification: Legitimate
known filename: ZIntro.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: Zintro.ocx
Short name:
Date (created): 11/17/2004 10:44:52 PM
Date (last access): 9/18/2008 3:56:48 AM
Date (last write): 11/17/2004 10:44:52 PM
Filesize: 114728
Attributes: archive
MD5: F94C4867418A1CA860D784CCD807740B
CRC32: 5DCE6500
Version: 9.3.2846.1

{BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class)
DPF name:
CLSID name: CBreakshotControl Class
Installer:
Codebase:

http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
description:
classification: Legitimate
known filename: Banksht2.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: Banksht2.dll
Short name:
Date (created): 5/11/2004 11:55:38 AM
Date (last access): 2/11/2009 2:09:54 PM
Date (last write): 5/11/2004 11:55:38 AM
Filesize: 1277992
Attributes: archive
MD5: 5409FBE248ACC1E2A8FE5C03442BEF74
CRC32: FC1429F1
Version: 1.0.5.11

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-

windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 11/10/2005 12:03:56 PM
Date (last access): 2/11/2009 3:13:54 PM
Date (last write): 11/10/2005 12:22:10 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-

windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 11/10/2005 12:03:56 PM
Date (last access): 2/11/2009 3:13:54 PM
Date (last write): 11/10/2005 12:22:10 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase:

http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash10a.ocx
Short name:
Date (created): 10/4/2008 10:16:26 PM
Date (last access): 2/11/2009 2:57:14 AM
Date (last write): 10/4/2008 10:16:26 PM
Filesize: 3789728
Attributes: readonly archive
MD5: 466C1355934925768822E380DA6E6E4A
CRC32: 48EC1E52
Version: 10.0.12.36

{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object)
DPF name:
CLSID name: PopCapLoader Object
Installer: C:\WINDOWS\Downloaded Program Files\popcaploader.inf
Codebase: http://myspace.oberon-media.com/gameshell/games/channel-

-110343720/lc--en/room--34cfafbf-316b-4bbd-84b8-

e49b57331d8a/online/bejeweled_2/en/popcaploader_v10.cab
description:
classification: Legitimate
known filename: POPCAPLOADER.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: popcaploader.dll
Short name: POPCAP~1.DLL
Date (created): 9/7/2007 2:16:28 PM
Date (last access): 2/11/2009 1:25:08 AM
Date (last write): 9/7/2007 2:16:28 PM
Filesize: 136512
Attributes: archive
MD5: 80EFBB1A0B6E0972C19DD7FE948D37D0
CRC32: 32B681CA
Version: 1.0.0.10

{E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control)
DPF name:
CLSID name: Driver Agent ActiveX Control
Installer: C:\WINDOWS\Downloaded Program Files\driveragent.inf
Codebase: http://driveragent.com/files/driveragent.cab
description:
classification: Legitimate
known filename: driveragent.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: driveragent.ocx
Short name: DRIVER~1.OCX
Date (created): 3/2/2006 12:13:48 PM
Date (last access): 9/18/2008 3:56:46 AM
Date (last write): 3/2/2006 12:13:48 PM
Filesize: 429568
Attributes: archive
MD5: 0A4ED4C5638E34EC5EE5E2866EF8C32B
CRC32: 8AB20B74
Version: 2.2006.3.2



--- Process list ---
PID: 0 ( 0) [System]
PID: 592 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 656 ( 592) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 680 ( 592) \??\C:\WINDOWS\system32\winlogon.exe
size: 502272
PID: 724 ( 680) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 736 ( 680) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 908 ( 724) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 984 ( 724) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1024 ( 724) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1084 ( 724) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1176 ( 724) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1288 ( 724) C:\WINDOWS\System32\WLTRYSVC.EXE
size: 18944
MD5: 61E71BC3CD3530444000A9B68F7EE931
PID: 1300 (1288) C:\WINDOWS\System32\bcmwltry.exe
size: 1093632
MD5: 9A0CE1DB25F1CDD3ED11236884800538
PID: 1356 ( 724) C:\WINDOWS\system32\brsvc01a.exe
size: 57344
MD5: CAC61BDD786A6928989451871FBCEDB8
PID: 1384 (1356) C:\WINDOWS\system32\brss01a.exe
size: 45056
MD5: 9E646CD378D4D0C996BAF9BCB18237C7
PID: 1388 ( 724) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID: 1480 ( 724) C:\Program Files\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
size: 110592
MD5: 3A4982DF893F198A2DFBCCD4CE10F93A
PID: 1496 ( 724) C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
size: 298264
MD5: C661B44D8E12EA95F51BAF2AEFF6364B
PID: 1512 ( 724) C:\Program Files\Bonjour\mDNSResponder.exe
size: 229376
MD5: CFD4C3352E29A8B729536648466E8DF5
PID: 1528 ( 724) C:\Program Files\Diskeeper

Corporation\Diskeeper\DkService.exe
size: 765952
MD5: B09DF4AE62909CED13EB2DCDB612FAFE
PID: 1704 ( 724) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1880 ( 724) C:\WINDOWS\system32\lxdpcoms.exe
size: 594600
MD5: 747453E5E87C68A23A2934E6E9D6A999
PID: 1916 ( 724) C:\Program Files\Common Files\Microsoft

Shared\VS7DEBUG\MDM.EXE
size: 322120
MD5: 11F714F85530A2BD134074DC30E99FCA
PID: 1972 ( 724) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
size: 45056
MD5: 3978F082274F723AD5A0A8058C2417DD
PID: 2044 ( 724) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 380 ( 724) C:\Program Files\Windows Media Player\WMPNetwk.exe
size: 913408
MD5: F74E3D9A7FA9556C3BBB14D4E5E63D3B
PID: 932 (1496) C:\Program Files\AVG\AVG8\avgrsx.exe
size: 484120
MD5: AC2589EDE1924B59575DC3A747EF9831
PID: 1276 ( 724) C:\Program Files\Canon\CAL\CALMAIN.exe
size: 96341
MD5: 5753532C476B83119D85AA43B1B10AB3
PID: 1752 ( 724) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 2808 (2712) C:\WINDOWS\Explorer.EXE
size: 1033216
MD5: 97BD6515465659FF8F3B7BE375B2EA87
PID: 3056 (2808) C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
size: 1388544
MD5: C06F1A3FF958A10F828EEE828623E193
PID: 3084 (2808) C:\Program Files\hpq\HP Wireless Assistant\HP Wireless

Assistant.exe
size: 507904
MD5: 2DF07BC576F814D9122F338EAD4B4220
PID: 3100 (2808) C:\WINDOWS\system32\WLTRAY.exe
size: 1236992
MD5: F11C343318DA14137669AE14ADE27DF1
PID: 3128 (2808) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
size: 98394
MD5: AB349998E551DE1C0DCC5AD63CE41D31
PID: 3216 (2808) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 688218
MD5: A0AC3841DC595B5D86AB9E5016A0E36A
PID: 3240 ( 908) C:\WINDOWS\system32\wbem\wmiprvse.exe
size: 218112
MD5: 075EA6C849AB0FE416A3D6DD65C3CF41
PID: 3248 (2808) C:\WINDOWS\AGRSMMSG.exe
size: 88363
MD5: E7BE65BF79906AEBC698E077D53F6A1C
PID: 3360 (2808) C:\PROGRA~1\AVG\AVG8\avgtray.exe
size: 1601304
MD5: 1FC8B35E97123A9DF64F092DA8784E4C
PID: 3380 ( 908) C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
size: 516182
MD5: B574D62402D330527E5DF6565050553B
PID: 2164 (1764) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2144088
MD5: 896A1DB9A972AD2339C2E8569EC926D1
PID: 3656 (2808) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 2/11/2009 3:13:55 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.daemon-search.com/startpage
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://www.google.com/keyword/%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?p...cid={SUB_CLSID}

&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet

Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet

Explorer\Search\SearchAssistant
http://www.google.com/ie
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet

Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{66F14CFF-3B71-4AC5-A093-

EE880DFE7928}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{66F14CFF-3B71-4AC5-A093-

EE880DFE7928}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9BF2386B-E6F0-4EEC-ADE9-

6F1AB3C1EA37}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9BF2386B-E6F0-4EEC-ADE9-

6F1AB3C1EA37}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{866ABAEC-1EFC-4A78-9E1D-

192298623B2F}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{866ABAEC-1EFC-4A78-9E1D-

192298623B2F}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D3DE6F6B-5C99-407F-81EC-

3C94BCF6F6D0}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D3DE6F6B-5C99-407F-81EC-

3C94BCF6F6D0}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{25D9E699-3DB8-4117-B4AB-

5A2258EB2456}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{25D9E699-3DB8-4117-B4AB-

5A2258EB2456}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7A1F5AE4-F26C-455A-8D4E-

3147404ED5B2}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7A1F5AE4-F26C-455A-8D4E-

3147404ED5B2}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Namespace Provider 3: mdnsNSP
GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
Filename: C:\Program Files\Bonjour\mdnsNSP.dll
Description: Apple Rendezvous protocol
DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
DB protocol: mdnsNSP





2/11/2009 1:15:40 PM Allowed (based on user decision) value "{F0D4B231-DA4B-

4daf-81E4-DFEE4931A4AA}" (new data: "") deleted in Browser Helper Object!
2/11/2009 1:16:01 PM Allowed (based on user decision) value

"SpybotDeletingB5579" (new data: "command.com /c del "C:\Program

Files\AskSBar\bar\1.bin\A2HIGHIN.EXE"") added in System Startup user entry!
2/11/2009 1:16:26 PM Allowed (based on user decision) value

"SpybotDeletingD6745" (new data: "cmd.exe /c del "C:\Program

Files\AskSBar\bar\1.bin\A2HIGHIN.EXE"") added in System Startup user entry!
2/11/2009 1:31:09 PM Allowed (based on user decision) value

"SpybotDeletingB3652" (new data: "command.com /c del "C:\Program

Files\AskSBar\bar\1.bin\A2FFXTBR.JAR"") added in System Startup user entry!
2/11/2009 1:31:16 PM Allowed (based on user decision) value

"SpybotDeletingD5929" (new data: "cmd.exe /c del "C:\Program

Files\AskSBar\bar\1.bin\A2FFXTBR.JAR"") added in System Startup user entry!
2/11/2009 1:31:18 PM Allowed (based on user decision) value

"SpybotDeletingB8612" (new data: "command.com /c del "C:\Program

Files\AskSBar\bar\1.bin\A2NTSTBR.JAR"") added in System Startup user entry!
2/11/2009 1:32:23 PM Allowed (based on user decision) value

"SpybotDeletingD663" (new data: "cmd.exe /c del "C:\Program

Files\AskSBar\bar\1.bin\A2NTSTBR.JAR"") added in System Startup user entry!
2/11/2009 1:32:26 PM Allowed (based on user decision) value

"SpybotDeletingB6753" (new data: "command.com /c del "C:\Program

Files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST"") added in System Startup user

entry!
2/11/2009 1:32:33 PM Allowed (based on user decision) value

"SpybotDeletingD1248" (new data: "cmd.exe /c del "C:\Program

Files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST"") added in System Startup user

entry!
2/11/2009 1:32:34 PM Allowed (based on user decision) value

"SpybotDeletingB3545" (new data: "command.com /c del "C:\Program

Files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST"") added in System Startup user

entry!
2/11/2009 2:05:07 PM Allowed (based on user decision) value

"SpybotDeletingD6060" (new data: "cmd.exe /c del "C:\Program

Files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST"") added in System Startup user

entry!
2/11/2009 2:05:09 PM Allowed (based on user decision) value

"SpybotDeletingB108" (new data: "command.com /c del "C:\Program

Files\AskSBar\bar\1.bin\A2PLUGIN.DLL"") added in System Startup user entry!
2/11/2009 2:05:22 PM Allowed (based on user decision) value

"SpybotDeletingD4842" (new data: "cmd.exe /c del "C:\Program

Files\AskSBar\bar\1.bin\A2PLUGIN.DLL"") added in System Startup user entry!
2/11/2009 2:05:23 PM Allowed (based on user decision) value

"SpybotDeletingB4504" (new data: "command.com /c del "C:\Program

Files\AskSBar\bar\1.bin\ASKSBAR.DLL"") added in System Startup user entry!
2/11/2009 2:05:35 PM Allowed (based on user decision) value

"SpybotDeletingD3212" (new data: "cmd.exe /c del "C:\Program

Files\AskSBar\bar\1.bin\ASKSBAR.DLL"") added in System Startup user entry!
2/11/2009 2:05:37 PM Allowed (based on user decision) value

"SpybotDeletingB8333" (new data: "command.com /c del "C:\Program

Files\AskSBar\bar\1.bin\NPASKSBR.DLL"") added in System Startup user entry!
2/11/2009 2:05:44 PM Allowed (based on user decision) value

"SpybotDeletingD6433" (new data: "cmd.exe /c del "C:\Program

Files\AskSBar\bar\1.bin\NPASKSBR.DLL"") added in System Startup user entry!
2/11/2009 2:05:46 PM Allowed (based on user decision) value

"SpybotDeletingB4199" (new data: "command.com /c del "C:\Program

Files\AskSBar\bar\1.bin\V2RSSMNU.DLL"") added in System Startup user entry!
2/11/2009 2:05:56 PM Allowed (based on user decision) value

"SpybotDeletingD591" (new data: "cmd.exe /c del "C:\Program

Files\AskSBar\bar\1.bin\V2RSSMNU.DLL"") added in System Startup user entry!
2/11/2009 2:05:58 PM Allowed (based on user decision) value

"SpybotDeletingA9793" (new data: "command.com /c del "C:\Program

Files\AskSBar\bar\1.bin\A2HIGHIN.EXE"") added in System Startup global entry!
2/11/2009 2:06:05 PM Allowed (based on user decision) value

"SpybotDeletingC146" (new data: "cmd.exe /c del "C:\Program

Files\AskSBar\bar\1.bin\A2HIGHIN.EXE"") added in System Startup global entry!
2/11/2009 2:06:07 PM Allowed (based on user decision) value

"SpybotDeletingA9278" (new data: "command.com /c del "C:\Program

Files\AskSBar\bar\1.bin\A2FFXTBR.JAR"") added in System Startup global entry!
2/11/2009 2:06:14 PM Allowed (based on user decision) value

"SpybotDeletingC7572" (new data: "cmd.exe /c del "C:\Program

Files\AskSBar\bar\1.bin\A2FFXTBR.JAR"") added in System Startup global entry!
2/11/2009 2:06:17 PM Allowed (based on user decision) value

"SpybotDeletingA8943" (new data: "command.com /c del "C:\Program

Files\AskSBar\bar\1.bin\A2NTSTBR.JAR"") added in System Startup global entry!
2/11/2009 2:06:24 PM Allowed (based on user decision) value

"SpybotDeletingC2487" (new data: "cmd.exe /c del "C:\Program

Files\AskSBar\bar\1.bin\A2NTSTBR.JAR"") added in System Startup global entry!
2/11/2009 2:06:27 PM Allowed (based on user decision) value

"SpybotDeletingA7527" (new data: "command.com /c del "C:\Program

Files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST"") added in System Startup global

entry!
2/11/2009 2:06:33 PM Allowed (based on user decision) value

"SpybotDeletingC6026" (new data: "cmd.exe /c del "C:\Program

Files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST"") added in System Startup global

entry!
2/11/2009 2:06:36 PM Allowed (based on user decision) value

"SpybotDeletingA5265" (new data: "command.com /c del "C:\Program

Files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST"") added in System Startup global

entry!
2/11/2009 2:06:43 PM Allowed (based on user decision) value

"SpybotDeletingC325" (new data: "cmd.exe /c del "C:\Program

Files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST"") added in System Startup global

entry!
2/11/2009 2:06:46 PM Allowed (based on user decision) value

"SpybotDeletingA4246" (new data: "command.com /c del "C:\Program

Files\AskSBar\bar\1.bin\A2PLUGIN.DLL"") added in System Startup global entry!
2/11/2009 2:06:52 PM Allowed (based on user decision) value

"SpybotDeletingC3050" (new data: "cmd.exe /c del "C:\Program

Files\AskSBar\bar\1.bin\A2PLUGIN.DLL"") added in System Startup global entry!
2/11/2009 2:06:53 PM Allowed (based on user decision) value

"SpybotDeletingA9061" (new data: "command.com /c del "C:\Program

Files\AskSBar\bar\1.bin\ASKSBAR.DLL"") added in System Startup global entry!
2/11/2009 2:06:59 PM Allowed (based on user decision) value

"SpybotDeletingC8131" (new data: "cmd.exe /c del "C:\Program

Files\AskSBar\bar\1.bin\ASKSBAR.DLL"") added in System Startup global entry!
2/11/2009 2:06:59 PM Allowed (based on user decision) value

"SpybotDeletingA4256" (new data: "command.com /c del "C:\Program

Files\AskSBar\bar\1.bin\NPASKSBR.DLL"") added in System Startup global entry!
2/11/2009 2:07:07 PM Allowed (based on user decision) value

"SpybotDeletingC3696" (new data: "cmd.exe /c del "C:\Program

Files\AskSBar\bar\1.bin\NPASKSBR.DLL"") added in System Startup global entry!
2/11/2009 2:07:09 PM Allowed (based on user decision) value

"SpybotDeletingA646" (new data: "command.com /c del "C:\Program

Files\AskSBar\bar\1.bin\V2RSSMNU.DLL"") added in System Startup global entry!
2/11/2009 2:07:16 PM Allowed (based on user decision) value

"SpybotDeletingC2725" (new data: "cmd.exe /c del "C:\Program

Files\AskSBar\bar\1.bin\V2RSSMNU.DLL"") added in System Startup global entry!
2/11/2009 2:07:22 PM Allowed (based on user decision) value "{F0D4B239-DA4B-

4DAF-81E4-DFEE4931A4AA}" (new data: "") deleted in User-specific browser

toolbar!
2/11/2009 2:07:24 PM Allowed (based on user decision) value "{F0D4B239-DA4B-

4daf-81E4-DFEE4931A4AA}" (new data: "") deleted in Global browser toolbar!
2/11/2009 2:23:06 PM Allowed (based on user decision) value

"SpybotDeletingB1579" (new data: "command.com /c del "C:\Program

Files\Mozilla Firefox\chrome\a2ffxtbr.jar"") added in System Startup user

entry!
2/11/2009 2:23:13 PM Allowed (based on user decision) value

"SpybotDeletingD9912" (new data: "cmd.exe /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.jar"") added in System Startup user entry!
2/11/2009 2:23:15 PM Allowed (based on user decision) value

"SpybotDeletingA5332" (new data: "command.com /c del "C:\Program

Files\Mozilla Firefox\chrome\a2ffxtbr.jar"") added in System Startup global

entry!
2/11/2009 2:23:28 PM Allowed (based on user decision) value

"SpybotDeletingC7026" (new data: "cmd.exe /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.jar"") added in System Startup global entry!
2/11/2009 2:23:37 PM Allowed (based on user decision) value

"SpybotDeletingA4028" (new data: "command.com /c del "C:\Program

Files\Mozilla Firefox\chrome\a2ffxtbr.manifest"") added in System Startup

global entry!
2/11/2009 2:23:49 PM Allowed (based on user decision) value

"SpybotDeletingC7096" (new data: "cmd.exe /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.manifest"") added in System Startup global entry!
2/11/2009 2:23:53 PM Allowed (based on user decision) value

"SpybotDeletingB210" (new data: "command.com /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.manifest"") added in System Startup user entry!
2/11/2009 2:23:59 PM Allowed (based on user decision) value

"SpybotDeletingD3104" (new data: "cmd.exe /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.manifest"") added in System Startup user entry!
2/11/2009 2:36:31 PM Allowed (based on user decision) value

"SpybotDeletingB6110" (new data: "command.com /c del "C:\Program

Files\Mozilla Firefox\chrome\a2ffxtbr.jar"") added in System Startup user

entry!
2/11/2009 2:36:54 PM Allowed (based on user decision) value

"SpybotDeletingD1657" (new data: "cmd.exe /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.jar"") added in System Startup user entry!
2/11/2009 2:36:56 PM Allowed (based on user decision) value

"SpybotDeletingB894" (new data: "command.com /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.manifest"") added in System Startup user entry!
2/11/2009 2:37:07 PM Allowed (based on user decision) value

"SpybotDeletingD3165" (new data: "cmd.exe /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.manifest"") added in System Startup user entry!
2/11/2009 2:37:09 PM Allowed (based on user decision) value

"SpybotDeletingA695" (new data: "command.com /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.jar"") added in System Startup global entry!
2/11/2009 2:37:17 PM Allowed (based on user decision) value

"SpybotDeletingC9604" (new data: "cmd.exe /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.jar"") added in System Startup global entry!
2/11/2009 2:37:19 PM Allowed (based on user decision) value

"SpybotDeletingA1675" (new data: "command.com /c del "C:\Program

Files\Mozilla Firefox\chrome\a2ffxtbr.manifest"") added in System Startup

global entry!
2/11/2009 2:37:26 PM Allowed (based on user decision) value

"SpybotDeletingC5622" (new data: "cmd.exe /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.manifest"") added in System Startup global entry!
2/11/2009 2:49:13 PM Allowed (based on user decision) value

"SpybotDeletingB8505" (new data: "command.com /c del "C:\Program

Files\Mozilla Firefox\chrome\a2ffxtbr.jar"") added in System Startup user

entry!
2/11/2009 2:49:20 PM Allowed (based on user decision) value

"SpybotDeletingD729" (new data: "cmd.exe /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.jar"") added in System Startup user entry!
2/11/2009 2:49:29 PM Allowed (based on user decision) value

"SpybotDeletingB496" (new data: "command.com /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.manifest"") added in System Startup user entry!
2/11/2009 2:49:36 PM Allowed (based on user decision) value

"SpybotDeletingD3253" (new data: "cmd.exe /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.manifest"") added in System Startup user entry!
2/11/2009 2:49:38 PM Allowed (based on user decision) value

"SpybotDeletingA5959" (new data: "command.com /c del "C:\Program

Files\Mozilla Firefox\chrome\a2ffxtbr.jar"") added in System Startup global

entry!
2/11/2009 2:49:45 PM Allowed (based on user decision) value

"SpybotDeletingC820" (new data: "cmd.exe /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.jar"") added in System Startup global entry!
2/11/2009 2:49:47 PM Allowed (based on user decision) value

"SpybotDeletingA1479" (new data: "command.com /c del "C:\Program

Files\Mozilla Firefox\chrome\a2ffxtbr.manifest"") added in System Startup

global entry!
2/11/2009 2:51:56 PM Allowed (based on user decision) value

"SpybotDeletingC4441" (new data: "cmd.exe /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.manifest"") added in System Startup global entry!
2/11/2009 3:06:28 PM Allowed (based on user decision) value

"SpybotDeletingB9106" (new data: "command.com /c del "C:\Program

Files\Mozilla Firefox\chrome\a2ffxtbr.jar"") added in System Startup user

entry!
2/11/2009 3:06:35 PM Allowed (based on user decision) value

"SpybotDeletingD2070" (new data: "cmd.exe /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.jar"") added in System Startup user entry!
2/11/2009 3:06:37 PM Allowed (based on user decision) value

"SpybotDeletingB9755" (new data: "command.com /c del "C:\Program

Files\Mozilla Firefox\chrome\a2ffxtbr.manifest"") added in System Startup

user entry!
2/11/2009 3:07:38 PM Allowed (based on user decision) value

"SpybotDeletingD9321" (new data: "cmd.exe /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.manifest"") added in System Startup user entry!
2/11/2009 3:07:41 PM Allowed (based on user decision) value

"SpybotDeletingA2675" (new data: "command.com /c del "C:\Program

Files\Mozilla Firefox\chrome\a2ffxtbr.jar"") added in System Startup global

entry!
2/11/2009 3:07:47 PM Allowed (based on user decision) value

"SpybotDeletingC3783" (new data: "cmd.exe /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.jar"") added in System Startup global entry!
2/11/2009 3:07:48 PM Allowed (based on user decision) value

"SpybotDeletingA5419" (new data: "command.com /c del "C:\Program

Files\Mozilla Firefox\chrome\a2ffxtbr.manifest"") added in System Startup

global entry!
2/11/2009 3:07:56 PM Allowed (based on user decision) value

"SpybotDeletingC7975" (new data: "cmd.exe /c del "C:\Program Files\Mozilla

Firefox\chrome\a2ffxtbr.manifest"") added in System Startup global entry!



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 TeaTimer.exe (1.6.4.26)
2006-01-18 unins000.exe (51.41.0.0)
2009-02-11 unins001.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2009-01-22 Includes\Adware.sbi
2009-01-22 Includes\AdwareC.sbi
2009-01-22 Includes\Cookies.sbi
2009-01-06 Includes\Dialer.sbi
2009-01-22 Includes\DialerC.sbi
2009-01-22 Includes\HeavyDuty.sbi
2009-02-10 Includes\Hijackers.sbi
2009-02-10 Includes\HijackersC.sbi
2008-12-09 Includes\Keyloggers.sbi
2009-02-03 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2008-11-18 Includes\Malware.sbi
2009-02-10 Includes\MalwareC.sbi
2008-12-16 Includes\PUPS.sbi
2009-02-10 Includes\PUPSC.sbi
2009-01-22 Includes\Revision.sbi
2009-01-13 Includes\Security.sbi
2009-02-10 Includes\SecurityC.sbi
2008-06-03 Includes\Spybots.sbi
2008-06-03 Includes\SpybotsC.sbi
2009-01-28 Includes\Spyware.sbi
2009-01-28 Includes\SpywareC.sbi
2008-06-03 Includes\Tracks.uti
2009-02-03 Includes\Trojans.sbi
2009-02-10 Includes\TrojansC.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

Category: Startup file does not exist
Location:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Logitech

Hardware Abstraction Layer
Filename:
Data:

Category: Startup file does not exist
Location:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ISUSPM
Filename:
Data:

Category: Startup file does not exist
Location:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDe

letingA9793
Filename:
Data:

Category: Startup file does not exist
Location:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDe

letingA9278
Filename:
Data:

Category: Startup file does not exist
Location:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDe

letingA8943
Filename:
Data:

Category: Startup file does not exist
Location:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDe

letingA7527
Filename:
Data:

Category: Startup file does not exist
Location:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDe

letingA5265
Filename:
Data:

Category: Startup file does not exist
Location:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDe

letingA4246
Filename:
Data:

Category: Startup file does not exist
Location:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDe

letingA9061
Filename:
Data:

Category: Startup file does not exist
Location:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDe

letingA4256
Filename:
Data:

Category: Startup file does not exist
Location:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDe

letingA646
Filename:
Data:

Category: Startup file does not exist
Location:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDe

letingA5332
Filename:
Data:

Category: Startup file does not exist
Location:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDe

letingA4028
Filename:
Data:

Category: Startup file does not exist
Location:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDe

letingA695
Filename:
Data:

Category: Startup file does not exist
Location:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDe

letingA1675
Filename:
Data:

Category: Startup file does not exist
Location:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDe

letingA5959
Filename:
Data:

Category: Startup file does not exist
Location:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDe

letingA1479
Filename:
Data:

Category: Startup file does not exist
Location:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDe

letingA2675
Filename:
Data:

Category: Startup file does not exist
Location:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDe

letingA5419
Filename:
Data:

Category: Startup file does not exist
Location:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LTM2
Filename:
Data:

Category: Startup file does not exist
Location:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDel

etingB5579
Filename:
Data:

Category: Startup file does not exist
Location:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDel

etingB3652
Filename:
Data:

Category: Startup file does not exist
Location:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDel

etingB8612
Filename:
Data:

Category: Startup file does not exist
Location:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDel

etingB6753
Filename:
Data:

Category: Startup file does not exist
Location:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDel

etingB3545
Filename:
Data:

Category: Startup file does not exist
Location:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDel

etingB108
Filename:
Data:

Category: Startup file does not exist
Location:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDel

etingB4504
Filename:
Data:

Category: Startup file does not exist
Location:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDel

etingB8333
Filename:
Data:

Category: Startup file does not exist
Location:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDel

etingB4199
Filename:
Data:

Category: Startup file does not exist
Location:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDel

etingB1579
Filename:
Data:

Category: Startup file does not exist
Location:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDel

etingB210
Filename:
Data:

Category: Startup file does not exist
Location:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDel

etingB6110
Filename:
Data:

Category: Startup file does not exist
Location:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDel

etingB894
Filename:
Data:

Category: Startup file does not exist
Location:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDel

etingB8505
Filename:
Data:

Category: Startup file does not exist
Location:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDel

etingB496
Filename:
Data:

Category: Startup file does not exist
Location:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDel

etingB9106
Filename:
Data:

Category: Startup file does not exist
Location:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDel

etingB9755
Filename:
Data:

Location:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\OpenSS

L_is1
Filename: "C:\OpenSSL\unins000.exe"
Data:

Category: Missing helpfile
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\HTML Help\AM_LHA.chm
Filename: AM_LHA.chm
Data:

Category: Missing helpfile
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Help\BRQIKMON.HLP
Filename: BRQIKMON.HLP
Data:

Category: Missing shared DLL
Location:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\DO

CUME~1\USER1~1\LOCALS~1\Temp\_ISTMP1.DIR\_ISTMP0.DIR\FileGrp\Msvcrt10.dll
Filename: C:\DOCUME~1\USER1~1\LOCALS~1

\Temp\_ISTMP1.DIR\_ISTMP0.DIR\FileGrp\Msvcrt10.dll
Data:

Category: Missing shared DLL
Location:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Do

cuments and Settings\All Users\Application

Data\Intuit\Quicken\Help\Bin\library.js
Filename: C:\Documents and Settings\All Users\Application

Data\Intuit\Quicken\Help\Bin\library.js
Data:

Category: Missing shared DLL
Location:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Do

cuments and Settings\All Users\Application

Data\Intuit\Quicken\Help\Images\IDH_BANKING_CONCEPT_PayingBillsOnline\calenda

r.gif
Filename: C:\Documents and Settings\All Users\Application

Data\Intuit\Quicken\Help\Images\IDH_BANKING_CONCEPT_PayingBillsOnline\calenda

r.gif
Data:

Category: Missing shared DLL
Location:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Do

cuments and Settings\All Users\Application

Data\Intuit\Quicken\Help\Images\IDH_HELP_WelcomeToQuickenHelp\Welcome.gif
Filename: C:\Documents and Settings\All Users\Application

Data\Intuit\Quicken\Help\Images\IDH_HELP_WelcomeToQuickenHelp\Welcome.gif
Data:

Category: Missing shared DLL
Location:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Do

cuments and Settings\All Users\Application

Data\Intuit\Quicken\Help\Images\IDH_ONLINE_TASK_UseScheduledUpdates\active.gi

f
Filename: C:\Documents and Settings\All Users\Application

Data\Intuit\Quicken\Help\Images\IDH_ONLINE_TASK_UseScheduledUpdates\active.gi

f
Data:

Category: Missing shared DLL
Location:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Do

cuments and Settings\All Users\Application

Data\Intuit\Quicken\Help\Images\IDH_SETUP_TASK_RecordHoldingsWithACB\acb-

dateacquired.gif
Filename: C:\Documents and Settings\All Users\Application

Data\Intuit\Quicken\Help\Images\IDH_SETUP_TASK_RecordHoldingsWithACB\acb-

dateacquired.gif
Data:

Category: Missing shared DLL
Location:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Do

cuments and Settings\All Users\Application

Data\Intuit\Quicken\Help\Images\IRR.gif
Filename: C:\Documents and Settings\All Users\Application

Data\Intuit\Quicken\Help\Images\IRR.gif
Data:

Category: Missing shared DLL
Location:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Do

cuments and Settings\All Users\Application

Data\Intuit\Quicken\Help\Styles\collapsed.css
Filename: C:\Documents and Settings\All Users\Application

Data\Intuit\Quicken\Help\Styles\collapsed.css
Data:

Category: Wrong app path
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App

Paths\SoundMAX
Filename: C:\Program Files\Analog Devices\SoundMAX
Data:

Category: Wrong app path
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App

Paths\None
Filename: C:\Program Files\Broadcom\DrvInst\Broadcom 440x 10/100 Integrated

Controller
Data:

Category: Missing shared DLL
Location:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Pr

ogram Files\Brownie\BEEP.WAV
Filename: C:\Program Files\Brownie\BEEP.WAV
Data:

Category: Missing shared DLL
Location:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Pr

ogram Files\Brownie\brcdcmon.exe
Filename: C:\Program Files\Brownie\brcdcmon.exe
Data:

Category: Missing shared DLL
Location:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Pr

ogram Files\Brownie\BRHOOK.DLL
Filename: C:\Program Files\Brownie\BRHOOK.DLL
Data:

Category: Missing shared DLL
Location:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Pr

ogram Files\Brownie\BRKBHOOK.DLL
Filename: C:\Program Files\Brownie\BRKBHOOK.DLL
Data:

Category: Missing shared DLL
Location:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Pr

ogram Files\Brownie\BRNIPMON.exe
Filename: C:\Program Files\Brownie\BRNIPMON.exe
Data:

Category: Missing shared DLL
Location:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Pr

ogram Files\Brownie\BROWNIE.EXE
Filename: C:\Program Files\Brownie\BROWNIE.EXE
Data:

Category: Missing shared DLL
Location:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Pr

ogram Files\Brownie\BROWNIE.HLP
Filename: C:\Program Files\Brownie\BROWNIE.HLP
Data:

Category: Missing shared DLL
Location:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Pr

ogram Files\Brownie\BROWNIE.INI
Filename: C:\Program Files\Brownie\BROWNIE.INI
Data:

Category: Missing shared DLL
Location:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Pr

ogram Files\Brownie\BrStsWnd.exe
Filename: C:\Program Files\Brownie\BrStsWnd.exe
Data:

Category: Missing shared DLL
Location:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Pr

ogram Files\Brownie\BRSTSWND.HLP
Filename: C:\Program Files\Brownie\BRSTSWND.HLP
Data:

Category: Missing shared DLL
Location:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Pr

ogram Files\Brownie\BUSMX99A.EXE
Filename: C:\Program Files\Brownie\BUSMX99A.EXE
Data:

Category: Missing shared DLL
Location:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Pr

ogram Files\Brownie\popup.wav
Filename: C:\Program Files\Brownie\popup.wav
Data:

Category: Missing shared DLL
Location:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Pr

ogram Files\Brownie\RCHANGE.EXE
Filename: C:\Program Files\Brownie\RCHANGE.EXE
Data:

Category: Wrong app path
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App

Paths\Easy-WebPrint
Filename: C:\Program Files\Canon\Easy-WebPrint\Easy-WebPrint
Data:

Category: Missing shared DLL
Location:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Pr

ogram Files\InterVideo\Common\Bin\IVIPromotion.exe
Filename: C:\Program Files\InterVideo\Common\Bin\IVIPromotion.exe
Data:

Category: Missing shared DLL
Location:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Pr

ogram Files\InterVideo\Common\Bin\WinCinemaMgr.exe
Filename: C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
Data:

Category: Missing shared DLL
Location:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Pr

ogram Files\Mozilla Firefox\plugins\\NPSWF32.dll
Filename: C:\Program Files\Mozilla Firefox\plugins\\NPSWF32.dll
Data:

Category: Missing shared DLL
Location:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Pr

ogram Files\Mozilla Firefox\plugins\NPSWF32.dll
Filename: C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
Data:

Category: Wrong app path
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App

Paths\isobuster.exe
Filename: C:\Program Files\Smart Projects\IsoBuster\IsoBuster.exe
Data:

Category: Missing shared DLL
Location:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WI

NDOWS\Downloaded Program Files\HPISDataManager.dll
Filename: C:\WINDOWS\Downloaded Program Files\HPISDataManager.dll
Data:

Category: Missing shared DLL
Location:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WI

NDOWS\hpmonZ.exe
Filename: C:\WINDOWS\hpmonZ.exe
Data:

Category: Missing shared DLL
Location:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WI

NDOWS\idvectra.exe
Filename: C:\WINDOWS\idvectra.exe
Data:

Category: Missing shared DLL
Location:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WI

NDOWS\ispro.ico
Filename: C:\WINDOWS\ispro.ico
Data:

Category: Missing shared DLL
Location:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WI

NDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.JScript.tlb
Filename: C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.JScript.tlb
Data:

Category: Missing shared DLL
Location:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WI

NDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.Vsa.tlb
Filename: C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.Vsa.tlb
Data:

Category: Missing shared DLL
Location:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WI

NDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.Vsa.Vb.CodeDOMProcessor.tlb
Filename: C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705

\Microsoft.Vsa.Vb.CodeDOMProcessor.tlb
Data:

Category: Missing shared DLL
Location:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WI

NDOWS\Microsoft.NET\Framework\v1.0.3705\mscoree.tlb
Filename: C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscoree.tlb
Data:

Category: Missing shared DLL
Location:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WI

NDOWS\Microsoft.NET\Framework\v1.0.3705\mscorlib.tlb
Filename: C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorlib.tlb
Data:

Category: Missing shared DLL
Location:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WI

NDOWS\Microsoft.NET\Framework\v1.0.3705\System.Drawing.tlb
Filename: C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Drawing.tlb
Data:

Category: Missing shared DLL
Location:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WI

NDOWS\Microsoft.NET\Framework\v1.0.3705\System.EnterpriseServices.tlb
Filename: C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705

\System.EnterpriseServices.tlb
Data:

Category: Missing shared DLL
Location:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WI

NDOWS\Microsoft.NET\Framework\v1.0.3705\System.tlb
Filename: C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.tlb
Data:

Category: Missing shared DLL
Location:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WI

NDOWS\Microsoft.NET\Framework\v1.0.3705\System.Windows.Forms.tlb
Filename: C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705

\System.Windows.Forms.tlb
Data:

Category: Missing shared DLL
Location:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WI

NDOWS\shortcut.exe
Filename: C:\WINDOWS\shortcut.exe
Data:

Category: Missing shared DLL
Location:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WI

NDOWS\system32\DIMM.DLL
Filename: C:\WINDOWS\system32\DIMM.DLL
Data:

Category: Missing shared DLL
Location:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WI

NDOWS\system32\Macromed\Flash\FlashUtil9c.exe
Filename: C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe
Data:

Category: Missing shared DLL
Location:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WI

NDOWS\system32\Macromed\Flash\FlDbg9c.ocx
Filename: C:\WINDOWS\system32\Macromed\Flash\FlDbg9c.ocx
Data:

Category: Missing helpfile
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Help\nwind9.cnt
Filename: nwind9.cnt
Data:

Category: Missing helpfile
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Help\nwind9.hlp
Filename: nwind9.hlp
Data:

Category: Missing helpfile
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Help\nwindcs9.cnt
Filename: nwindcs9.cnt
Data:

Category: Missing helpfile
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Help\nwindcs9.hlp
Filename: nwindcs9.hlp
Data:

Category: Missing helpfile
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Help\scanpst.hlp
Filename: scanpst.hlp
Data:

Category: Wrong app path
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App

Paths\setup.exe
Filename: setup.exe
Data:

Category: Wrong app path
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App

Paths\table30.exe
Filename: table30.exe
Data:

Category: Wrong app path
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App

Paths\ISS.exe
Filename: uninst.exe
Data:



Too much info?-)

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,394 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:26 PM

Posted 11 February 2009 - 10:07 PM

mvps.org is no longer recommending Spybot S&D or Ad-Aware due to poor testing results. See here - (scroll down and read under Freeware Antispyware Products)

Further, most people don't understand Spybot's TeaTimer or how to use it and that feature can cause more problems than it's worth.

More effective alternatives are Malwarebytes Anti-Malware and SUPERAntiSpyware Free.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users